consumes: - application/json produces: - application/json schemes: - https swagger: "2.0" info: description: OpenZiti Edge Client API title: Ziti Edge Client contact: name: OpenZiti url: https://openziti.discourse.group email: help@openziti.org license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html version: 0.26.14 host: demo.ziti.dev basePath: /edge/client/v1 paths: /: get: security: [] tags: - Informational summary: Returns version information operationId: listRoot responses: "200": description: Version information for the controller schema: $ref: '#/definitions/listVersionEnvelope' /.well-known/est/cacerts: get: security: [] description: | This endpoint is used during enrollments to bootstrap trust between enrolling clients and the Ziti Edge API. This endpoint returns a base64 encoded PKCS7 store. The content can be base64 decoded and parsed by any library that supports parsing PKCS7 stores. produces: - application/pkcs7-mime tags: - Well Known summary: Get CA Cert Store operationId: listWellKnownCas responses: "200": description: A base64 encoded PKCS7 store schema: type: string example: | MIIMUQYJKoZIhvcNAQcCoIIMQjCCDD4CAQExADALBgkqhkiG9w0BBwGgggwkMIIG BjCCA+6gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVTMRcw FQYDVQQIDA5Ob3J0aCBDYXJvbGluYTESMBAGA1UEBwwJQ2hhcmxvdHRlMRMwEQYD VQQKDApOZXRGb3VuZHJ5MSkwJwYDVQQLDCBOZXRGb3VuZHJ5IENlcnRpZmljYXRl IEF1dGhvcml0eTEbMBkGA1UEAwwSTmV0Rm91bmRyeSBSb290IENBMB4XDTE4MDUx ODE2NTcyM1oXDTI4MDUxNTE2NTcyM1owgYsxCzAJBgNVBAYTAlVTMRcwFQYDVQQI DA5Ob3J0aCBDYXJvbGluYTETMBEGA1UECgwKTmV0Rm91bmRyeTEpMCcGA1UECwwg TmV0Rm91bmRyeSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIzAhBgNVBAMMGk5ldEZv dW5kcnkgSW50ZXJtZWRpYXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC CgKCAgEAsb1EPhMUweS9WpjT7L54xAOmZqugJ6fhSrFfLUwNUy172q+ASvZTpT1z KIPcZpGmPB3TX2bHaAR67BbRkUR11JgWE3U8+FsGrYmPZtaKM6fg8Mh0WZ41oMYQ NJyQixOktrgqfybyJoT5PeT5AA7QQmd8mku2X9nkAu6gWPf2nHNc7SeQdijmyQQa VK3oqyaxOzWzsU/XbfMEz/ObkefUxgt5Z6jlK0xcW0Q+QgtawMKLUiuo6obWRPcl 7Hm9Sze8XJS5pbvS5JkUszxoRZuDVHZylrlHIpA/IL+BnvS+M7SP28UWe9skrv/s 6ACpJtuPJ1EYf5fakugOpY7i+hq7YNi//csbc49Qjn2OtttrR7JcTaHUEU1I/tQb QGAtNkI4pJjRVUdDawQFQlWHZD1COixNLErs2HzAI00DhLrY6SKITI/kjN0Xx010 XdMcdfay0PLWm6RwxiRmMQFL4GNIC895NF1q6xV4W4rWgqUNlcvKpy+i1chWpRbU He16ul0qh10fcESrRvAbXn5YrQJLrwbSr+85ubN8lYdNLE0qg2cIXZlUilarZZzW ghtCe+KkUpjfRuAi/CqfSwNK3QXEfeVEK6S49mHeSekOizFIw7fmDhCz9vXwMOnb ryRSLEJks0gIRcSDVChXheAqC98y4kcQdniNWFnqJXoqA+rrSokCAwEAAaNmMGQw HQYDVR0OBBYEFK8UXC/sq6dGVFAqEXHsQDzqzwuUMB8GA1UdIwQYMBaAFEHz6RRu OuXj2mwAzOeUinfWeivpMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQD AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBDAAaOE2Nbb49eOjyTNxIeOB+ZKQjJ1hUE gRrootAA8NYbtKW/vyxTWnNi5XOGXd4DFS9OKZ0mL/7NyLc0mbTwPH2ZT8KTPUTS Cpo6yktZ/7TMjyAtWZiOMg2EH+6m/nlNSXk/v5fb8+JQLdZfpxoA017dHh3tc8l7 KOskCZNwQHgF/YMXrPXUNbsGkXRuJLtpjPw5O9GvPys7p+a1aJH1WCTly9zfB6j+ rMF+UGCPDT30sxitVlohik83j6pKLgEAP/gi8nJbILlTP7ce+gJeHR2tfDvmK91X 6QgCF2STUFBU7/9H1/pPRRykOxQpAd8xqSgqGEyp9Ie4tysZjwoUEnG8IVJ5ykrI Fximvnb4B+LABV9WEo08n8m1R8wEryrISi8fBPn3Pr5nuayOfFLa15CLTkZF40FN 8ika1qNZy8bWRDwTZJQUUb7VCheRWcMwdZdNmhl3J+VZLpQ+ruW7b2ajwacHz5Nw BHKNcmxXb/4vHq/BnlcayHnSqT6036+OZQ+owDegcYmWV6LaM7xLErjHz2EE38M2 YSiW5SU1zluDe+iHb6l3Gd3Fj/X1gkMWFgYh0XPMSUSyimLNYzy4THKzmWlcQNFo LLiIDbLrMt+vk+vBkIsNTTPXRJOFPBhmIF6uIUj+2YhzNotX/pQtqMKms3pPlmHq dH6biwygETCCBhYwggP+oAMCAQICCQDquKpymLJ5WzANBgkqhkiG9w0BAQsFADCB lzELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRIwEAYDVQQH DAlDaGFybG90dGUxEzARBgNVBAoMCk5ldEZvdW5kcnkxKTAnBgNVBAsMIE5ldEZv dW5kcnkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDDBJOZXRGb3VuZHJ5 IFJvb3QgQ0EwHhcNMTgwNTE4MTY1NDQ3WhcNMzgwNTEzMTY1NDQ3WjCBlzELMAkG A1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRIwEAYDVQQHDAlDaGFy bG90dGUxEzARBgNVBAoMCk5ldEZvdW5kcnkxKTAnBgNVBAsMIE5ldEZvdW5kcnkg Q2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDDBJOZXRGb3VuZHJ5IFJvb3Qg Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKq/Xa+749Cr3WJGYD DIEtNKIRnTFc6TeiRSm/O7hG2+1Nrh/dObjZJuDjsopWP8NFA/DwlNyEphYKAeSw HDmu+4nFd6ifoeDE2lYq6bNhLcgN+A3MlN5Phb2rnO32YYZwHXGWov+jtd2gaK0f WsH8CQxn6n2v7qvPMTeYFP8p4jqTZw2bvZWw+LMYTFCy541DFqQLQasMg10mXRAV XO7Oa9y+D1re1zLq4wS6u8ItJoKzfmvZkMvD90C/tQ4u0iJaL7GB2SE9MOPDeGVv pnoSAIkSVmvRDUAj2x9PuukykzoL1OAWzc5Cg+5LxRmLejVE7PvPcHaTtNag2tRD w2vbMeFKN8NvQH1QYcaPWZe4Vl9b6DAuTaH5RN919H/F+ZHyjZybVPwC14lflneI KyNy8JEV/YMIbEADWnuiedzDehk2Opn+0+9Zr2X/xfjCo8iWHFbNaVnQX7wdRaOo 783lEouncqe46FDBLBpyAuDKHQpIT3MK8rkC/1yBNxsH44vMweUZuK0u7PC9KHtm pQfuflYGfxA34kY6WU3jzyQHetoLYjoxTqNEEjuGpwy2o1j7RaCBEFIbYlnlbhpE WFTaQf96z2GQ6m1U3y7JyDflHSu9Fo1JNkG3qXsjDwda/6W7NRJRgdFrhnOwrm7F 6L9X4P1HnzU/VJL66LwPmiHVjQIDAQABo2MwYTAdBgNVHQ4EFgQUQfPpFG465ePa bADM55SKd9Z6K+kwHwYDVR0jBBgwFoAUQfPpFG465ePabADM55SKd9Z6K+kwDwYD VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIB ACfU74aKWROaxnue8tZb5PFkEbnDRcRrKXRhnptA0vrgB4ydnYxX9hEBZD8o6PBy 3rewvl5meSOBE6zyb4JD80lHdzHSVFIwbzsNOeEjCslv/PA/3Y+J7DCt6gPNMDeY uEssdqeSiMoYz2gnven4flSMKgTAJd3/SpVrn35HzXiU9MkmFVpPEMnTctOjw+Jn cCkG5+D9N14dxtgZ/tUfbH+GUfhyGVxRdPrX5KQqAyapMfEaMXXa8KNs7PG+sDiS WI+Sg9jUGtxgkfKdVNtFW+QMXyy7eT3iXPA+1r2hFAhgfIaGtBJUhxPHMhKtjbAg AX+6+2D3GAbaD1+lcQHhKry3hygQ3OX79FJW6zyPS0tiV/LfovHqX/3x9q5PTVBO wEOS2/LCc4R2M7S+HIPf4eSJ+nH4uCIdJ42WCror/mRsuL7geCksi70GHuCynP4y qQFszu/UtbBEsN8loTnLpOInxaGB1Y8UPm14b2Lo1/3HkoMVh0/UaHJ0TmnZ1r7m fGhfRyAZYRdvT1sB+Eb4b5A2zEZqsTc9IwFOhnI4ZilPoZ5s2xejqrVw3GSvovEh dprrQmvxuh+VQ23y/+/4z9b2xWyDu2zVveB4whqPe2rkgxJrEl4GfLk2DW+dN6j8 3Zl4lPoUZYwzkC6raCaHyFlAoaTbqz0H6rvVJYxJPS6UoQAxAA== /authenticate: post: security: [] description: | Allowed authentication methods include "password", "cert", and "ext-jwt" tags: - Authentication summary: Authenticate via a method supplied via a query string parameter operationId: authenticate parameters: - name: auth in: body schema: $ref: '#/definitions/authenticate' responses: "200": description: The API session associated with the session used to issue the request schema: $ref: '#/definitions/currentApiSessionDetailEnvelope' examples: default: data: _links: self: href: ./current-api-session configTypes: [] createdAt: "2020-03-09T19:03:49.1883693Z" expiresAt: "2020-03-09T19:34:21.5600897Z" id: 27343114-b44f-406e-9981-f3c4f2f28d54 identity: _links: self: href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d id: 66352d7b-a6b2-4ce9-85bb-9f18e318704d name: Default Admin urlName: identities tags: - userField1: 123 - userField2: asdf token: 28bb0ed2-0577-4632-ae70-d17106b92871 updatedAt: "2020-03-09T19:04:21.5600897Z" meta: {} "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The authentication request could not be processed as the credentials are invalid schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: INVALID_AUTH message: The authentication request failed requestId: 5952ed10-3091-474f-a691-47ebab6990dc meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - enum: - password - cert - ext-jwt type: string name: method in: query required: true /authenticate/mfa: post: security: - ztSession: [] - oauth2: - openid description: Completes MFA authentication by submitting a MFA time based one time token or backup code. tags: - Authentication - MFA summary: Complete MFA authentication operationId: authenticateMfa parameters: - description: An MFA validation request name: mfaAuth in: body required: true schema: $ref: '#/definitions/mfaCode' responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: Base empty response schema: $ref: '#/definitions/empty' "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /controllers: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a list of controllers tags: - Controllers summary: List controllers operationId: listControllers parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of controllers schema: $ref: '#/definitions/listControllersEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-api-session: get: security: - ztSession: [] - oauth2: - openid description: Retrieves the API session that was used to issue the current request tags: - Current API Session summary: Return the current API session operationId: getCurrentAPISession responses: "200": description: The API session associated with the session used to issue the request schema: $ref: '#/definitions/currentApiSessionDetailEnvelope' examples: default: data: _links: self: href: ./current-api-session configTypes: [] createdAt: "2020-03-09T19:03:49.1883693Z" expiresAt: "2020-03-09T19:34:21.5600897Z" id: 27343114-b44f-406e-9981-f3c4f2f28d54 identity: _links: self: href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d id: 66352d7b-a6b2-4ce9-85bb-9f18e318704d name: Default Admin urlName: identities tags: - userField1: 123 - userField2: asdf token: 28bb0ed2-0577-4632-ae70-d17106b92871 updatedAt: "2020-03-09T19:04:21.5600897Z" meta: {} "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Terminates the current API session tags: - Current API Session summary: Logout responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-api-session/certificates: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a list of certificate resources for the current API session; supports filtering, sorting, and pagination tags: - Current API Session summary: List the ephemeral certificates available for the current API Session operationId: listCurrentApiSessionCertificates parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of the current API Session's certificate schema: $ref: '#/definitions/listCurrentApiSessionCertificatesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Creates an ephemeral certificate for the current API Session. This endpoint expects a PEM encoded CSRs to be provided for fulfillment as a property of a JSON payload. It is up to the client to manage the private key backing the CSR request. tags: - Current API Session summary: Creates an ephemeral certificate for the current API Session operationId: createCurrentApiSessionCertificate parameters: - description: The payload describing the CSR used to create a session certificate name: sessionCertificate in: body required: true schema: $ref: '#/definitions/currentApiSessionCertificateCreate' responses: "201": description: A response of a create API Session certificate schema: $ref: '#/definitions/createCurrentApiSessionCertificateEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-api-session/certificates/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single ephemeral certificate by id tags: - Current API Session summary: Retrieves an ephemeral certificate operationId: detailCurrentApiSessionCertificate responses: "200": description: A response containing a single API Session certificate schema: $ref: '#/definitions/detailCurrentApiSessionCertificateEnvelope' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: | Delete an ephemeral certificateby id tags: - Current API Session summary: Delete an ephemeral certificate operationId: deleteCurrentApiSessionCertificate responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /current-api-session/service-updates: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves data indicating the last time data relevant to this API Session was altered that would necessitate service refreshes. tags: - Current API Session - Services summary: Returns data indicating whether a client should updates it service list operationId: listServiceUpdates responses: "200": description: Data indicating necessary service updates schema: $ref: '#/definitions/listCurrentApiSessionServiceUpdatesEnvelope' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-identity: get: security: - ztSession: [] - oauth2: - openid description: Returns the identity associated with the API sessions used to issue the current request tags: - Current Identity summary: Return the current identity operationId: getCurrentIdentity responses: "200": description: The identity associated with the API Session used to issue the request schema: $ref: '#/definitions/currentIdentityDetailEnvelope' examples: default: data: _links: edge-router-policies: href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d/edge-routers self: href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d service-policies: href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d/identities authenticators: updb: username: admin createdAt: "2020-01-13T16:38:13.6854788Z" enrollment: {} id: 66352d7b-a6b2-4ce9-85bb-9f18e318704d isAdmin: true isDefaultAdmin: true name: Default Admin roleAttributes: [] tags: {} type: _links: self: href: ./identity-types/User id: User name: User urlName: identity-types updatedAt: "2020-01-13T16:38:13.6854788Z" meta: {} "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-identity/authenticators: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a list of authenticators assigned to the current API session's identity; supports filtering, sorting, and pagination. tags: - Current API Session summary: List authenticators for the current identity operationId: listCurrentIdentityAuthenticators parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of authenticators schema: $ref: '#/definitions/listAuthenticatorsEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-identity/authenticators/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single authenticator by id. Will only show authenticators assigned to the API session's identity. tags: - Current API Session summary: Retrieve an authenticator for the current identity operationId: detailCurrentIdentityAuthenticator responses: "200": description: A singular authenticator resource schema: $ref: '#/definitions/detailAuthenticatorEnvelope' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] - oauth2: - openid description: | Update all fields on an authenticator by id. Will only update authenticators assigned to the API session's identity. tags: - Current API Session summary: Update all fields on an authenticator of this identity operationId: updateCurrentIdentityAuthenticator parameters: - description: An authenticator put object name: authenticator in: body required: true schema: $ref: '#/definitions/authenticatorUpdateWithCurrent' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] - oauth2: - openid description: | Update the supplied fields on an authenticator by id. Will only update authenticators assigned to the API session's identity. tags: - Current API Session summary: Update the supplied fields on an authenticator of this identity operationId: patchCurrentIdentityAuthenticator parameters: - description: An authenticator patch object name: authenticator in: body required: true schema: $ref: '#/definitions/authenticatorPatchWithCurrent' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /current-identity/authenticators/{id}/extend: post: security: - ztSession: [] - oauth2: - openid description: |- This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled. Allows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation. The response from this endpoint is a new client certificate which the client must be verified via the /authenticators/{id}/extend-verify endpoint. After verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active. tags: - Current API Session - Enroll - Extend Enrollment summary: Allows the current identity to recieve a new certificate associated with a certificate based authenticator operationId: extendCurrentIdentityAuthenticator parameters: - name: extend in: body required: true schema: $ref: '#/definitions/identityExtendEnrollmentRequest' responses: "200": description: A response containg the identity's new certificate schema: $ref: '#/definitions/identityExtendEnrollmentEnvelope' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /current-identity/authenticators/{id}/extend-verify: post: security: - ztSession: [] - oauth2: - openid description: |- After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt. After receipt, the new client certificate must be used for new authentication requests. tags: - Current API Session - Enroll - Extend Enrollment summary: Allows the current identity to validate reciept of a new client certificate operationId: extendVerifyCurrentIdentityAuthenticator parameters: - name: extend in: body required: true schema: $ref: '#/definitions/identityExtendValidateEnrollmentRequest' responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /current-identity/edge-routers: get: security: - ztSession: [] - oauth2: - openid description: | Lists the Edge Routers that the current identity has access to via policies. The data returned includes their address and online status tags: - Current Identity - Edge Router summary: Return this list of Edge Routers the identity has access to operationId: getCurrentIdentityEdgeRouters responses: "200": description: A list of edge routers schema: $ref: '#/definitions/listCurrentIdentityEdgeRoutersEnvelope' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-identity/mfa: get: security: - ztSession: [] - oauth2: - openid description: | Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a `POST /current-identity/mfa/verify`. tags: - Current Identity - MFA summary: Returns the current status of MFA enrollment operationId: detailMfa responses: "200": description: The details of an MFA enrollment schema: $ref: '#/definitions/detailMfaEnvelope' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: | Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via `POST /current-identity/mfa/verify` tags: - Current Identity - MFA summary: Initiate MFA enrollment operationId: enrollMfa responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/createEnvelope' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The identity is already enrolled in MFA schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: null cause: null causeMessage: "" code: ALREADY_MFA_ENROLLED message: The identity is already enrolled in MFA requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: | Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via `DELETE /identities//mfa`. tags: - Current Identity - MFA summary: Disable MFA for the current identity operationId: deleteMfa parameters: - type: string name: mfa-validation-code in: header responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-identity/mfa/qr-code: get: security: - ztSession: [] - oauth2: - openid description: | Shows an QR code image for unverified MFA enrollments. 404s if the MFA enrollment has been completed or not started. produces: - image/png - application/json tags: - Current Identity - MFA summary: Show a QR code for unverified MFA enrollments operationId: detailMfaQrCode responses: "200": description: OK "404": description: No MFA enrollment or MFA enrollment is completed /current-identity/mfa/recovery-codes: get: security: - ztSession: [] - oauth2: - openid description: | Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. tags: - Current Identity - MFA summary: For a completed MFA enrollment view the current recovery codes operationId: detailMfaRecoveryCodes parameters: - description: An MFA validation request name: mfaValidation in: body schema: $ref: '#/definitions/mfaCode' - type: string name: mfa-validation-code in: header responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: | Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes. tags: - Current Identity - MFA summary: For a completed MFA enrollment regenerate the recovery codes operationId: createMfaRecoveryCodes parameters: - description: An MFA validation request name: mfaValidation in: body required: true schema: $ref: '#/definitions/mfaCode' responses: "200": description: The recovery codes of an MFA enrollment schema: $ref: '#/definitions/detailMfaRecoveryCodesEnvelope' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /current-identity/mfa/verify: post: security: - ztSession: [] - oauth2: - openid description: | Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via `POST /current-identity/mfa`. tags: - Current Identity - MFA summary: Complete MFA enrollment by verifying a time based one time token operationId: verifyMfa parameters: - description: An MFA validation request name: mfaValidation in: body required: true schema: $ref: '#/definitions/mfaCode' responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /enroll: post: description: present a OTT and CSR to receive a long-lived client certificate consumes: - application/pkcs10 - application/json - application/x-pem-file - text/plain produces: - application/x-pem-file - application/json tags: - Enroll summary: Enroll an identity via one-time-token operationId: enroll responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string format: uuid name: token in: query - type: string name: method in: query /enroll/ca: post: description: | For CA auto enrollment, an identity is not created beforehand. Instead one will be created during enrollment. The client will present a client certificate that is signed by a Certificate Authority that has been added and verified (See POST /cas and POST /cas/{id}/verify). During this process no CSRs are requires as the client should already be in possession of a valid certificate. tags: - Enroll summary: Enroll an identity with a pre-exchanged certificate operationId: enrollCa responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /enroll/erott: post: description: | Enrolls an edge-router via a one-time-token to establish a certificate based identity. tags: - Enroll summary: Enroll an edge-router operationId: enrollErOtt responses: "200": description: A response containing the edge routers signed certificates (server chain, server cert, CAs). schema: $ref: '#/definitions/enrollmentCertsEnvelope' "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string format: uuid name: token in: query required: true /enroll/extend/router: post: description: | Allows a router to extend its certificates' expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation or swapping. After completion any new connections must be made with certificates returned from a 200 OK response. The previous client certificate is rendered invalid for use with the controller even if it has not expired. This request must be made using the existing, valid, client certificate. tags: - Enroll - Extend Enrollment summary: Extend the life of a currently enrolled router's certificates operationId: extendRouterEnrollment parameters: - name: routerExtendEnrollmentRequest in: body required: true schema: $ref: '#/definitions/routerExtendEnrollmentRequest' responses: "200": description: A response containg the edge routers new signed certificates (server chain, server cert, CAs). schema: $ref: '#/definitions/enrollmentCertsEnvelope' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /enroll/ott: post: description: | Enroll an identity via a one-time-token which is supplied via a query string parameter. This enrollment method expects a PEM encoded CSRs to be provided for fulfillment. It is up to the enrolling identity to manage the private key backing the CSR request. consumes: - application/pkcs10 produces: - application/x-x509-user-cert tags: - Enroll summary: Enroll an identity via one-time-token operationId: enrollOtt responses: "200": description: A PEM encoded certificate signed by the internal Ziti CA schema: type: string examples: application/x-x509-user-cert: | -----BEGIN CERTIFICATE----- MIICzDCCAlGgAwIBAgIRAPkVg1jVKqnNGFpSB3lPbaIwCgYIKoZIzj0EAwIwXjEL MAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRMwEQYDVQQKDApOZXRGb3VuZHJ5MS0w KwYDVQQDDCROZXRGb3VuZHJ5IFppdGkgRXh0ZXJuYWwgQVBJIFJvb3QgQ0EwHhcN MTgxMTE1MTI1NzE3WhcNMTkxMTI1MTI1NzE3WjBrMQswCQYDVQQGEwJVUzELMAkG A1UECAwCTkMxEjAQBgNVBAcMCUNoYXJsb3R0ZTETMBEGA1UECgwKTmV0Rm91bmRy eTEPMA0GA1UECwwGQWR2RGV2MRUwEwYDVQQDDAxaaXRpQ2xpZW50MDEwdjAQBgcq hkjOPQIBBgUrgQQAIgNiAATTl2ft+/K9RvDgki9gSr9udNcV2bxD4LrWEdCdXNzF iVUiEcEte9z/M0JRt8lgo17OjFvS+ecrAmLtIZNmQnH3+9YeafjeNPpvQsMKxlTN MnU7Hka11GHc6swQZSyHvlKjgcUwgcIwCQYDVR0TBAIwADARBglghkgBhvhCAQEE BAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIENsaWVudCBD ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUtx+Tej6lSYdjb8Jbc2QuvoEsI/swHwYDVR0j BBgwFoAUcdTlRrnP43ZbQ3PGAbZMPE26+H4wDgYDVR0PAQH/BAQDAgXgMB0GA1Ud JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAKBggqhkjOPQQDAgNpADBmAjEAuXDS H7KKMr+la+Yuh8d8Q9cLtXzdS0j6a8e7iOyPJmdWq2WuzNdbCfAfLgKXuxhSAjEA sadZrXl1OBv11RGAKdYBIyRmfYUotCFAtCNKcfgBUxci0TDaKDA7r3jnjKT1d7Fs -----END CERTIFICATE----- "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string format: uuid name: token in: query required: true /enroll/ottca: post: description: | Enroll an identity via a one-time-token that also requires a pre-exchanged client certificate to match a Certificate Authority that has been added and verified (See POST /cas and POST /cas{id}/verify). The client must present a client certificate signed by CA associated with the enrollment. This enrollment is similar to CA auto enrollment except that is required the identity to be pre-created. As the client certificate has been pre-exchanged there is no CSR input to this enrollment method. tags: - Enroll summary: Enroll an identity via one-time-token with a pre-exchanged client certificate operationId: enrollOttCa responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string format: uuid name: token in: query required: true /enroll/updb: post: description: | Enrolls an identity via a one-time-token to establish an initial username and password combination tags: - Enroll summary: Enroll an identity via one-time-token operationId: ernollUpdb responses: "200": description: Base empty response schema: $ref: '#/definitions/empty' "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string format: uuid name: token in: query required: true /enumerated-capabilities: get: security: [] tags: - Informational summary: Returns all capabilities this version of the controller is aware of, enabled or not. operationId: listEnumeratedCapabilities responses: "200": description: A typed and enumerated list of capabilities schema: $ref: '#/definitions/listEnumeratedCapabilitiesEnvelope' /external-jwt-signers: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a list of external JWT signers for authentication tags: - External JWT Signer summary: List Client Authentication External JWT operationId: listExternalJwtSigners parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of External JWT Signers schema: $ref: '#/definitions/listClientExternalJwtSignersEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /posture-response: post: security: - ztSession: [] - oauth2: - openid description: Submits posture responses tags: - Posture Checks summary: Submit a posture response to a posture query operationId: createPostureResponse parameters: - description: A Posture Response name: postureResponse in: body required: true schema: $ref: '#/definitions/postureResponseCreate' responses: "201": description: Contains a list of services that have had their timers altered schema: $ref: '#/definitions/postureResponseEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /posture-response-bulk: post: security: - ztSession: [] - oauth2: - openid description: Submits posture responses tags: - Posture Checks summary: Submit multiple posture responses operationId: createPostureResponseBulk parameters: - description: A Posture Response name: postureResponse in: body required: true schema: type: array items: $ref: '#/definitions/postureResponseCreate' responses: "200": description: Contains a list of services that have had their timers altered schema: $ref: '#/definitions/postureResponseEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /protocols: get: security: [] tags: - Informational summary: Return a list of the listening Edge protocols operationId: listProtocols responses: "200": description: A list of supported Edge protocols schema: $ref: '#/definitions/listProtocolsEnvelope' "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /services: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access. tags: - Service summary: List services operationId: listServices parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query - type: array items: type: string collectionFormat: multi name: configTypes in: query - type: array items: type: string collectionFormat: multi name: roleFilter in: query - type: string name: roleSemantic in: query responses: "200": description: A list of services schema: $ref: '#/definitions/listServicesEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /services/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single service by id. Requires admin access. tags: - Service summary: Retrieves a single service operationId: detailService responses: "200": description: A single service schema: $ref: '#/definitions/detailServiceEnvelope' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 put: security: - ztSession: [] - oauth2: - openid description: Update all fields on a service by id. Requires admin access. tags: - Service summary: Update all fields on a service operationId: updateService parameters: - description: A service update object name: service in: body required: true schema: $ref: '#/definitions/serviceUpdate' responses: "200": description: The update request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Delete a service by id. Requires admin access. tags: - Service summary: Delete a service operationId: deleteService responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 patch: security: - ztSession: [] - oauth2: - openid description: Update the supplied fields on a service. Requires admin access. tags: - Service summary: Update the supplied fields on a service operationId: patchService parameters: - description: A service patch object name: service in: body required: true schema: $ref: '#/definitions/servicePatch' responses: "200": description: The patch request was successful and the resource has been altered schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /services/{id}/edge-routers: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves the list of edge routers permitted to handle traffic for the specified service tags: - Service summary: List of edge routers permitted to handle traffic for the specified service operationId: listServiceEdgeRouters parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query - type: string description: an optional JWT token use to authenticate the request. If provided, the token must be valid else a not authorized response is returned. name: session-token in: header responses: "200": description: A list of edge routers suitable for dialing or binding the specified service by the authenticated identity schema: $ref: '#/definitions/listServiceEdgeRoutersEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /services/{id}/terminators: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of terminator resources that are assigned specific service; supports filtering, sorting, and pagination. tags: - Service summary: List of terminators assigned to a service operationId: listServiceTerminators parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of terminators schema: $ref: '#/definitions/listClientTerminatorsEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /sessions: get: security: - ztSession: [] - oauth2: - openid description: | Retrieves a list of active sessions resources; supports filtering, sorting, and pagination. Sessions are tied to an API session and are moved when an API session times out or logs out. Active sessions (i.e. Ziti SDK connected to an edge router) will keep the session and API session marked as active. tags: - Session summary: List sessions operationId: listSessions parameters: - type: integer name: limit in: query - type: integer name: offset in: query - type: string name: filter in: query responses: "200": description: A list of sessions schema: $ref: '#/definitions/listSessionsEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 post: security: - ztSession: [] - oauth2: - openid description: Create a session resource. tags: - Session summary: Create a session resource operationId: createSession parameters: - description: A session to create name: session in: body required: true schema: $ref: '#/definitions/sessionCreate' responses: "201": description: The create request was successful and the resource has been added at the following location schema: $ref: '#/definitions/sessionCreateEnvelope' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 /sessions/{id}: get: security: - ztSession: [] - oauth2: - openid description: Retrieves a single session by id. tags: - Session summary: Retrieves a single session operationId: detailSession responses: "200": description: A single session schema: $ref: '#/definitions/detailSessionEnvelope' "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "404": description: The requested resource does not exist schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 cause: null causeMessage: "" code: NOT_FOUND message: The resource requested was not found or is no longer available requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 delete: security: - ztSession: [] - oauth2: - openid description: Delete a session by id. tags: - Session summary: Delete a session operationId: deleteSession responses: "200": description: The delete request was successful and the resource has been removed schema: $ref: '#/definitions/empty' "400": description: The supplied request contains invalid fields or could not be parsed (json and non-json bodies). The error's code, message, and cause fields can be inspected for further information schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: details: context: (root) field: (root) property: fooField3 field: (root) message: '(root): fooField3 is required' type: required value: fooField: abc fooField2: def causeMessage: schema validation failed code: COULD_NOT_VALIDATE message: The supplied request contains an invalid document requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "401": description: The supplied session does not have the correct access rights to request this resource schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} cause: "" causeMessage: "" code: UNAUTHORIZED message: The request could not be completed. The session is not authorized or the credentials are invalid requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "409": description: The resource requested to be removed/altered cannot be as it is referenced by another object. schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: id: 71a3000f-7dda-491a-9b90-a19f4ee6c406 causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42 code: CONFLICT_CANNOT_MODIFY_REFERENCED message: The resource cannot be deleted/modified. Remove all referencing resources first. requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 "429": description: The resource requested is rate limited and the rate limit has been exceeded schema: $ref: '#/definitions/apiErrorEnvelope' examples: application/json: error: args: urlVars: {} causeMessage: you have hit a rate limit in the requested operation code: RATE_LIMITED message: The resource is rate limited and the rate limit has been exceeded. Please try again later requestId: 270908d6-f2ef-4577-b973-67bec18ae376 meta: apiEnrollmentVersion: 0.0.1 apiVersion: 0.0.1 parameters: - type: string description: The id of the requested resource name: id in: path required: true /specs: get: security: [] description: Returns a list of spec files embedded within the controller for consumption/documentation/code geneartion tags: - Informational summary: Returns a list of API specs operationId: listSpecs responses: "200": description: A list of specifications schema: $ref: '#/definitions/listSpecsEnvelope' /specs/{id}: get: security: [] description: Returns single spec resource embedded within the controller for consumption/documentation/code geneartion tags: - Informational summary: Return a single spec resource operationId: detailSpec responses: "200": description: A single specification schema: $ref: '#/definitions/detailSpecEnvelope' parameters: - type: string description: The id of the requested resource name: id in: path required: true /specs/{id}/spec: get: security: [] description: Return the body of the specification (i.e. Swagger, OpenAPI 2.0, 3.0, etc). produces: - text/yaml - application/json tags: - Informational summary: Returns the spec's file operationId: detailSpecBody responses: "200": description: Returns the document that represents the specification schema: $ref: '#/definitions/detailSpecBodyEnvelope' parameters: - type: string description: The id of the requested resource name: id in: path required: true /version: get: security: [] tags: - Informational summary: Returns version information operationId: listVersion responses: "200": description: Version information for the controller schema: $ref: '#/definitions/listVersionEnvelope' definitions: apiAddress: type: object properties: url: type: string version: type: string apiAddressArray: type: array items: $ref: '#/definitions/apiAddress' apiAddressList: type: object additionalProperties: $ref: '#/definitions/apiAddressArray' apiError: type: object properties: args: $ref: '#/definitions/apiErrorArgs' cause: $ref: '#/definitions/apiErrorCause' causeMessage: type: string code: type: string data: type: object additionalProperties: true message: type: string requestId: type: string apiErrorArgs: type: object properties: urlVars: type: object additionalProperties: type: string apiErrorCause: allOf: - $ref: '#/definitions/apiFieldError' - $ref: '#/definitions/apiError' apiErrorEnvelope: type: object required: - meta - error properties: error: $ref: '#/definitions/apiError' meta: $ref: '#/definitions/meta' apiFieldError: type: object properties: field: type: string reason: type: string value: description: can be any value - string, number, boolean, array or object apiSessionDetail: description: An API Session object type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - token - identity - identityId - configTypes - ipAddress - authQueries - cachedUpdatedAt - isMfaRequired - isMfaComplete - authenticatorId properties: authQueries: $ref: '#/definitions/authQueryList' authenticatorId: type: string cachedLastActivityAt: type: string format: date-time configTypes: type: array items: type: string identity: $ref: '#/definitions/entityRef' identityId: type: string ipAddress: type: string isMfaComplete: type: boolean isMfaRequired: type: boolean lastActivityAt: type: string format: date-time token: type: string apiVersion: type: object required: - path properties: apiBaseUrls: type: array items: type: string path: type: string version: type: string attributes: description: A set of strings used to loosly couple this resource to policies type: array items: type: string x-nullable: true x-omitempty: true authQueryDetail: type: object required: - provider properties: format: $ref: '#/definitions/mfaFormats' httpMethod: type: string httpUrl: type: string maxLength: type: integer minLength: type: integer provider: $ref: '#/definitions/mfaProviders' typeId: type: string authQueryList: type: array items: $ref: '#/definitions/authQueryDetail' authenticate: description: A generic authenticate object meant for use with the /authenticate path. Required fields depend on authentication method. type: object properties: configTypes: $ref: '#/definitions/configTypes' envInfo: $ref: '#/definitions/envInfo' password: $ref: '#/definitions/password' sdkInfo: $ref: '#/definitions/sdkInfo' username: $ref: '#/definitions/username' authenticatorDetail: description: A singular authenticator resource type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - method - identityId - identity properties: certPem: type: string fingerprint: type: string identity: $ref: '#/definitions/entityRef' identityId: type: string method: type: string username: type: string authenticatorList: description: An array of authenticator resources type: array items: $ref: '#/definitions/authenticatorDetail' authenticatorPatch: description: All of the fields on an authenticator that may be updated type: object properties: password: $ref: '#/definitions/passwordNullable' tags: $ref: '#/definitions/tags' username: $ref: '#/definitions/usernameNullable' authenticatorPatchWithCurrent: description: All of the fields on an authenticator that may be updated type: object allOf: - $ref: '#/definitions/authenticatorPatch' - type: object required: - currentPassword properties: currentPassword: $ref: '#/definitions/password' authenticatorUpdate: description: All of the fields on an authenticator that will be updated type: object required: - username - password properties: password: $ref: '#/definitions/password' tags: $ref: '#/definitions/tags' username: $ref: '#/definitions/username' authenticatorUpdateWithCurrent: description: All of the fields on an authenticator that will be updated type: object allOf: - $ref: '#/definitions/authenticatorUpdate' - type: object required: - currentPassword properties: currentPassword: $ref: '#/definitions/password' baseEntity: description: Fields shared by all Edge API entities type: object required: - id - createdAt - updatedAt - _links properties: _links: $ref: '#/definitions/links' createdAt: type: string format: date-time id: type: string tags: $ref: '#/definitions/tags' updatedAt: type: string format: date-time capabilities: type: string enum: - OIDC_AUTH - HA_CONTROLLER clientExternalJwtSignerDetail: description: A External JWT Signer resource type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - externalAuthUrl properties: externalAuthUrl: type: string format: url name: type: string example: MyApps Signer clientExternalJwtSignerList: description: An array of External JWT Signers resources type: array items: $ref: '#/definitions/clientExternalJwtSignerDetail' commonEdgeRouterProperties: type: object required: - hostname - name - supportedProtocols - syncStatus - isOnline - cost - noTraversal - disabled properties: appData: $ref: '#/definitions/tags' cost: type: integer maximum: 65535 minimum: 0 x-nullable: true disabled: type: boolean hostname: type: string isOnline: type: boolean name: type: string noTraversal: type: boolean x-nullable: true supportedProtocols: type: object additionalProperties: type: string syncStatus: type: string configTypes: description: Specific configuration types that should be returned type: array items: type: string controllerDetail: description: A controller resource type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - certPem - fingerprint - isOnline - lastJoinedAt properties: apiAddresses: $ref: '#/definitions/apiAddressList' certPem: type: string ctrlAddress: type: string x-nullable: true fingerprint: type: string isOnline: type: boolean lastJoinedAt: type: string format: date-time name: type: string controllersList: description: An array of controller resources type: array items: $ref: '#/definitions/controllerDetail' createCurrentApiSessionCertificateEnvelope: required: - meta - data properties: data: $ref: '#/definitions/currentApiSessionCertificateCreateResponse' meta: $ref: '#/definitions/meta' createEnvelope: type: object properties: data: $ref: '#/definitions/createLocation' meta: $ref: '#/definitions/meta' createLocation: type: object properties: _links: $ref: '#/definitions/links' id: type: string currentApiSessionCertificateCreate: type: object required: - csr properties: csr: type: string currentApiSessionCertificateCreateResponse: allOf: - $ref: '#/definitions/createLocation' - type: object required: - certificate properties: cas: type: string certificate: type: string currentApiSessionCertificateDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - subject - fingerprint - validFrom - validTo - certificate properties: certificate: type: string fingerprint: type: string subject: type: string validFrom: type: string format: date-time validTo: type: string format: date-time currentApiSessionCertificateList: type: array items: $ref: '#/definitions/currentApiSessionCertificateDetail' currentApiSessionDetail: description: An API Session object for the current API session type: object allOf: - $ref: '#/definitions/apiSessionDetail' - type: object required: - expiresAt - expirationSeconds properties: expirationSeconds: type: integer expiresAt: type: string format: date-time currentApiSessionDetailEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/currentApiSessionDetail' meta: $ref: '#/definitions/meta' currentApiSessionServiceUpdateList: type: object required: - lastChangeAt properties: lastChangeAt: type: string format: date-time currentIdentityDetailEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/identityDetail' meta: $ref: '#/definitions/meta' currentIdentityEdgeRouterDetail: description: A detail edge router resource type: object allOf: - $ref: '#/definitions/baseEntity' - $ref: '#/definitions/commonEdgeRouterProperties' currentIdentityEdgeRouterList: description: A list of edge router resources type: array items: $ref: '#/definitions/currentIdentityEdgeRouterDetail' detailAuthenticatorEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/authenticatorDetail' meta: $ref: '#/definitions/meta' detailCurrentApiSessionCertificateEnvelope: required: - meta - data properties: data: $ref: '#/definitions/currentApiSessionCertificateDetail' meta: $ref: '#/definitions/meta' detailMfa: type: object allOf: - $ref: '#/definitions/baseEntity' - required: - isVerified properties: isVerified: type: boolean provisioningUrl: description: Not provided if MFA verification has been completed type: string recoveryCodes: description: Not provided if MFA verification has been completed type: array items: type: string detailMfaEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/detailMfa' meta: $ref: '#/definitions/meta' detailMfaRecoveryCodes: type: object allOf: - $ref: '#/definitions/baseEntity' - required: - recoveryCodes properties: recoveryCodes: type: array items: type: string detailMfaRecoveryCodesEnvelope: type: object required: - meta - error properties: error: $ref: '#/definitions/detailMfaRecoveryCodes' meta: $ref: '#/definitions/meta' detailServiceEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/serviceDetail' meta: $ref: '#/definitions/meta' detailSessionEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/sessionDetail' meta: $ref: '#/definitions/meta' detailSpecBodyEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/specBodyDetail' meta: $ref: '#/definitions/meta' detailSpecEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/specDetail' meta: $ref: '#/definitions/meta' dialBind: type: string enum: - Dial - Bind dialBindArray: type: array items: $ref: '#/definitions/dialBind' empty: type: object required: - meta - data properties: data: type: object example: {} meta: $ref: '#/definitions/meta' enrollmentCerts: type: object properties: ca: description: A PEM encoded set of CA certificates to trust type: string cert: description: A PEM encoded cert for the server type: string serverCert: description: A PEM encoded set of certificates to use as the servers chain type: string enrollmentCertsEnvelope: type: object properties: data: $ref: '#/definitions/enrollmentCerts' meta: $ref: '#/definitions/meta' entityRef: description: A reference to another resource and links to interact with it type: object properties: _links: $ref: '#/definitions/links' entity: type: string id: type: string name: type: string envInfo: description: Environment information an authenticating client may provide type: object properties: arch: type: string maxLength: 255 domain: type: string maxLength: 253 hostname: type: string maxLength: 253 os: type: string maxLength: 255 osRelease: type: string maxLength: 255 osVersion: type: string maxLength: 255 identityAuthenticators: type: object properties: cert: type: object properties: fingerprint: type: string id: type: string updb: type: object properties: id: type: string username: type: string identityDetail: description: Detail of a specific identity type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - type - typeId - isDefaultAdmin - isAdmin - authenticators - enrollment - envInfo - sdkInfo - roleAttributes - hasEdgeRouterConnection - hasApiSession - isMfaEnabled - serviceHostingPrecedences - serviceHostingCosts - defaultHostingCost - authPolicyId - authPolicy - externalId - disabled properties: appData: $ref: '#/definitions/tags' authPolicy: $ref: '#/definitions/entityRef' authPolicyId: type: string authenticators: $ref: '#/definitions/identityAuthenticators' defaultHostingCost: $ref: '#/definitions/terminatorCost' defaultHostingPrecedence: $ref: '#/definitions/terminatorPrecedence' disabled: type: boolean disabledAt: type: string format: date-time x-nullable: true disabledUntil: type: string format: date-time x-nullable: true enrollment: $ref: '#/definitions/identityEnrollments' envInfo: $ref: '#/definitions/envInfo' externalId: type: string x-nullable: true hasApiSession: type: boolean hasEdgeRouterConnection: type: boolean isAdmin: type: boolean isDefaultAdmin: type: boolean isMfaEnabled: type: boolean name: type: string roleAttributes: $ref: '#/definitions/attributes' sdkInfo: $ref: '#/definitions/sdkInfo' serviceHostingCosts: $ref: '#/definitions/terminatorCostMap' serviceHostingPrecedences: $ref: '#/definitions/terminatorPrecedenceMap' type: $ref: '#/definitions/entityRef' typeId: type: string identityEnrollments: type: object properties: ott: type: object properties: expiresAt: type: string format: date-time id: type: string jwt: type: string token: type: string ottca: type: object properties: ca: $ref: '#/definitions/entityRef' caId: type: string expiresAt: type: string format: date-time id: type: string jwt: type: string token: type: string updb: type: object properties: expiresAt: type: string format: date-time id: type: string jwt: type: string token: type: string identityExtendCerts: type: object properties: ca: description: A PEM encoded set of CA certificates type: string clientCert: description: A PEM encoded client certificate type: string identityExtendEnrollmentEnvelope: type: object properties: data: $ref: '#/definitions/identityExtendCerts' meta: $ref: '#/definitions/meta' identityExtendEnrollmentRequest: type: object required: - clientCertCsr properties: clientCertCsr: type: string identityExtendValidateEnrollmentRequest: type: object required: - clientCert properties: clientCert: description: A PEM encoded client certificate previously returned after an extension request type: string link: description: A link to another resource type: object required: - href properties: comment: type: string href: type: string format: uri method: type: string links: description: A map of named links type: object additionalProperties: $ref: '#/definitions/link' x-omitempty: false listAuthenticatorsEnvelope: type: object properties: data: $ref: '#/definitions/authenticatorList' meta: $ref: '#/definitions/meta' listClientExternalJwtSignersEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/clientExternalJwtSignerList' meta: $ref: '#/definitions/meta' listClientTerminatorsEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/terminatorClientList' meta: $ref: '#/definitions/meta' listControllersEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/controllersList' meta: $ref: '#/definitions/meta' listCurrentApiSessionCertificatesEnvelope: required: - meta - data properties: data: $ref: '#/definitions/currentApiSessionCertificateList' meta: $ref: '#/definitions/meta' listCurrentApiSessionServiceUpdatesEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/currentApiSessionServiceUpdateList' meta: $ref: '#/definitions/meta' listCurrentIdentityEdgeRoutersEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/currentIdentityEdgeRouterList' meta: $ref: '#/definitions/meta' listEnumeratedCapabilitiesEnvelope: type: object required: - meta - data properties: data: type: array items: $ref: '#/definitions/capabilities' meta: $ref: '#/definitions/meta' listProtocols: type: object additionalProperties: $ref: '#/definitions/protocol' listProtocolsEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/listProtocols' meta: $ref: '#/definitions/meta' listServiceEdgeRoutersEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/serviceEdgeRouters' meta: $ref: '#/definitions/meta' listServicesEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/serviceList' meta: $ref: '#/definitions/meta' listSessionsEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/sessionList' meta: $ref: '#/definitions/meta' listSpecsEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/specList' meta: $ref: '#/definitions/meta' listVersionEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/version' meta: $ref: '#/definitions/meta' meta: type: object properties: apiEnrollmentVersion: type: string apiVersion: type: string filterableFields: type: array items: type: string x-omitempty: true pagination: $ref: '#/definitions/pagination' mfaCode: type: object required: - code properties: code: type: string mfaFormats: type: string enum: - numeric - alpha - alphaNumeric mfaProviders: type: string enum: - ziti - url osType: type: string enum: - Windows - WindowsServer - Android - iOS - Linux - macOS pagination: type: object required: - limit - offset - totalCount properties: limit: type: number format: int64 offset: type: number format: int64 totalCount: type: number format: int64 password: type: string maxLength: 100 minLength: 5 passwordNullable: type: string maxLength: 100 minLength: 5 x-nullable: true postureCheckType: type: string enum: - OS - PROCESS - DOMAIN - MAC - MFA - PROCESS_MULTI postureQueries: type: object required: - policyId - isPassing - postureQueries properties: isPassing: type: boolean policyId: type: string policyType: $ref: '#/definitions/dialBind' postureQueries: type: array items: $ref: '#/definitions/postureQuery' postureQuery: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - queryType - isPassing - timeout - timeoutRemaining properties: isPassing: type: boolean process: $ref: '#/definitions/postureQueryProcess' processes: type: array items: $ref: '#/definitions/postureQueryProcess' queryType: $ref: '#/definitions/postureCheckType' timeout: type: integer timeoutRemaining: type: integer postureQueryProcess: type: object properties: osType: $ref: '#/definitions/osType' path: type: string postureResponse: type: object required: - services properties: services: type: array items: $ref: '#/definitions/postureResponseService' postureResponseCreate: type: object required: - id - typeId properties: id: type: string typeId: $ref: '#/definitions/postureCheckType' discriminator: typeId postureResponseDomainCreate: allOf: - $ref: '#/definitions/postureResponseCreate' - type: object required: - domain properties: domain: type: string x-class: DOMAIN postureResponseEndpointStateCreate: allOf: - $ref: '#/definitions/postureResponseCreate' - type: object properties: unlocked: type: boolean woken: type: boolean x-class: ENDPOINT_STATE postureResponseEnvelope: type: object required: - meta - data properties: data: $ref: '#/definitions/postureResponse' meta: $ref: '#/definitions/meta' postureResponseMacAddressCreate: allOf: - $ref: '#/definitions/postureResponseCreate' - type: object required: - macAddresses properties: macAddresses: type: array items: type: string x-class: MAC postureResponseOperatingSystemCreate: allOf: - $ref: '#/definitions/postureResponseCreate' - type: object required: - type - version properties: build: type: string type: type: string version: type: string x-class: OS postureResponseProcessCreate: allOf: - $ref: '#/definitions/postureResponseCreate' - type: object required: - process properties: hash: type: string isRunning: type: boolean path: type: string signerFingerprints: type: array items: type: string x-class: PROCESS postureResponseService: type: object required: - id - name - postureQueryType - timeout - timeoutRemaining properties: id: type: string name: type: string postureQueryType: type: string timeout: type: integer timeoutRemaining: type: integer protocol: type: object required: - address properties: address: type: string routerExtendEnrollmentRequest: type: object required: - serverCertCsr - certCsr properties: certCsr: type: string serverCertCsr: type: string sdkInfo: description: SDK information an authenticating client may provide type: object properties: appId: type: string maxLength: 255 appVersion: type: string maxLength: 255 branch: type: string maxLength: 255 revision: type: string maxLength: 255 type: type: string maxLength: 255 version: type: string maxLength: 255 serviceDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name - maxIdleTimeMillis - terminatorStrategy - roleAttributes - permissions - configs - config - encryptionRequired - postureQueries properties: config: description: map of config data for this service keyed by the config type name. Only configs of the types requested will be returned. type: object additionalProperties: type: object additionalProperties: type: object configs: type: array items: type: string encryptionRequired: description: Describes whether connections must support end-to-end encryption on both sides of the connection. Read-only property, set at create. type: boolean maxIdleTimeMillis: type: integer name: type: string permissions: $ref: '#/definitions/dialBindArray' postureQueries: type: array items: $ref: '#/definitions/postureQueries' roleAttributes: $ref: '#/definitions/attributes' terminatorStrategy: type: string serviceEdgeRouters: type: object properties: edgeRouters: type: array items: $ref: '#/definitions/commonEdgeRouterProperties' serviceList: type: array items: $ref: '#/definitions/serviceDetail' servicePatch: type: object properties: configs: type: array items: type: string encryptionRequired: description: Describes whether connections must support end-to-end encryption on both sides of the connection. Read-only property, set at create. type: boolean maxIdleTimeMillis: type: integer name: type: string roleAttributes: type: array items: type: string tags: $ref: '#/definitions/tags' terminatorStrategy: type: string serviceUpdate: type: object required: - name properties: configs: type: array items: type: string encryptionRequired: description: Describes whether connections must support end-to-end encryption on both sides of the connection. Read-only property, set at create. type: boolean maxIdleTimeMillis: type: integer name: type: string roleAttributes: type: array items: type: string tags: $ref: '#/definitions/tags' terminatorStrategy: type: string sessionCreate: type: object properties: serviceId: type: string tags: $ref: '#/definitions/tags' type: $ref: '#/definitions/dialBind' sessionCreateEnvelope: type: object properties: data: $ref: '#/definitions/sessionDetail' meta: $ref: '#/definitions/meta' sessionDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - type - apiSessionId - apiSession - serviceId - service - token - edgeRouters - identityId properties: apiSession: $ref: '#/definitions/entityRef' apiSessionId: type: string edgeRouters: type: array items: $ref: '#/definitions/sessionEdgeRouter' identityId: type: string service: $ref: '#/definitions/entityRef' serviceId: type: string token: type: string type: $ref: '#/definitions/dialBind' sessionEdgeRouter: allOf: - $ref: '#/definitions/commonEdgeRouterProperties' - type: object required: - urls properties: urls: type: object additionalProperties: type: string sessionList: type: array items: $ref: '#/definitions/sessionDetail' specBodyDetail: type: string specDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - name properties: name: type: string specList: type: array items: $ref: '#/definitions/specDetail' subTags: type: object additionalProperties: type: object tags: description: 'A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean' allOf: - $ref: '#/definitions/subTags' x-nullable: true terminatorClientDetail: type: object allOf: - $ref: '#/definitions/baseEntity' - type: object required: - serviceId - service - routerId - identity properties: identity: type: string routerId: type: string service: $ref: '#/definitions/entityRef' serviceId: type: string terminatorClientList: type: array items: $ref: '#/definitions/terminatorClientDetail' terminatorCost: type: integer maximum: 65535 minimum: 0 terminatorCostMap: type: object additionalProperties: $ref: '#/definitions/terminatorCost' terminatorPrecedence: type: string enum: - default - required - failed terminatorPrecedenceMap: type: object additionalProperties: $ref: '#/definitions/terminatorPrecedence' username: type: string maxLength: 100 minLength: 4 usernameNullable: type: string maxLength: 100 minLength: 4 x-nullable: true version: type: object properties: apiVersions: type: object additionalProperties: type: object additionalProperties: $ref: '#/definitions/apiVersion' buildDate: type: string example: "2020-02-11 16:09:08" capabilities: type: array items: type: string revision: type: string example: ea556fc18740 runtimeVersion: type: string example: go1.13.5 version: type: string example: v0.9.0 securityDefinitions: oauth2: type: oauth2 flow: accessCode authorizationUrl: /oidc/authorize tokenUrl: /oidc/token scopes: openid: openid ztSession: description: An API Key that is provided post authentication type: apiKey name: zt-session in: header